We just published a new book: Risk Management Perspectives In Corporate Governance (part II)
Proposed Twenty (20) Principles of RM and 20 RM quality standards
Next, not only do we suggest implementing an RM form (in the Appendix) for the above 20 elements of RM quality standards, but we also propose 20 principles of a so-called good risk management system that can be used in most companies, from small to medium to large, especially in developing countries including Vietnam, as follows:
Principle 1 – The company needs to ensure a control environment, with management and supervisor participation, to set up regulations for RM and financial accounting control, the scope of management committees, and the degree of external oversight.
Principle 2 – For project risk management, risk identification needs to be done at milestone development stages as well as in the beginning phase.
Principle 3 – The company needs to develop risk responses after economic recession caused by trade war and social risks such as Covid-19, etc.
Principle 4 – RM standards are intended to be an effective tool to support strong corporate governance as well as the ISO 9001 quality management system.
Principle 5 – The company ensures a strong corporate governance structure because it has a positive correlation with an effective risk management system.
Principle 6 – RM reports need to be connected with a good ERP system and an effective management information system.
Principle 7 – The corporation understands it is important to build good infrastructure and information security to avoid and mitigate IT risks.
Principle 8 – The internal control system should be coordinated with the RM function to analyze risks from both internal and external environments.
Principle 9 – The corporation needs to apply good models such as PDCA, DMAIC, or a combination of SWOT and 7S in business operations, management and especially risk management functions.
Principle 10 – Corporate management pays attention to environmental and social risks for CSR and sustainable development.
Principle 11 – Corporate management needs to use financial specialists and experts to combine due diligence and option valuation in business and investment decision making.
Principle 12 – Risk management culture needs to be understood and implemented properly and rationally by the CEO, Board and management.
Principle 13 – The Board and management understand that it is necessary to perform risk analysis for each level of strategy and to use RM scenario analysis that fits the firm's strategies.
Principle 14 – Depending on the business situation, the firm may decide on the proper form of risk monitoring, either continuous monitoring or separate evaluation.
Principle 15 – The firm sets up clear, separated duties and roles, with proper limits of authorization for transactions and activities.
Principle 16 – The CEO and Board might consider issuing a risk appetite statement or group risk statement to direct RM activities and control.
Principle 17 – The Board and management understand the crucial role of risk prevention programs and activities, just like risk control activities.
Principle 18 – The corporation ensures a cooperative culture and an RM culture, and promotes a consulting culture among colleagues, management and supervisors.
Principle 19 – The CEO, Board and management direct RM, internal control and audit to control risk in each sector or industry, or group of customers, each with its own risk limit and expected return.
Principle 20 – Depending on firm size, the firm will prepare a certain budget for RM and set up effective channels for communication, monitoring and review of risk policies.
(Source: made by main author)